VPN gateway
Hi Guys
Having a few problems with setting up a VPN gateway on Linux,
specifically a Debian firewall box and having Windows 2000
boxes authenticate using certs.
I have generated a cert for the gateway machine using the openssl packages
and installed it. I have also configured freeswan to the best of my
knowledge and then generated a cert for a test Windows 2000 machine and
afaik they are not authenticating.
Here is a copy of the freeswan config file on the VPN gateway:

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
        keyingtries=2
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=10.3.0.0/23
        also=roadwarrior

conn roadwarrior
        right=%any
        left=%defaultroute
        leftcert=gateway.pem
        auto=add
        pfs=yes

And here is a copy of the ipsec.conf file on the Windows 2000 box:

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
        keyingtries=2
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=10.3.0.0/23
        also=roadwarrior

conn roadwarrior
        right=%any
        left=%defaultroute
        leftcert=gw.frame.co.za.pem
        auto=add
        pfs=yes

Any help would be appreciated.
..c